3[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

3.zip
Size

4.9MB
MD5

7b61327ef92278bcebcec9b90d77c1ba
SHA1

939957241f00de6d02ccc692fd0240fa1bb8ef06
SHA256

a1ef41b3f7232705037cfc3d7f7c0612989b029a0100233943c0ae020ce503e3
SHA512

163960022c9cd6accd5a2748d55061c0c64a0902d266bfe53c21779b59a4e18a610e2789f5a75ce2aece192b86427e54742fc7df0b4cc5743b63eb46c5c3163f
SSDEEP

98304:UZ+MBE/dtwkUj9WCFFpap6xuNm8vfgCkhyiybBm/KWgzG:wQ/X65bFFpacxYvfvsyiygNmG

Score

1^/10

Malware Config

Signatures

Files

3.zip
.zip

Password: infected
commonbase.dll
.dll windows x86

74b78c935eac41fe3ed032d70bbd9782

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopy
VariantClear
VariantInit
GetErrorInfo
SysFreeString

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegUnLoadKeyW
RegSetValueExW
RegSaveKeyW
RegRestoreKeyW
RegReplaceKeyW
RegQueryValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegLoadKeyW
RegFlushKey
RegEnumValueW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegConnectRegistryW
RegCloseKey

user32

MessageBoxA
CharNextW
LoadStringW
SetClassLongW
GetClassLongW
SetWindowLongW
GetWindowLongW
CreateWindowExW
WindowFromPoint
WaitMessage
UpdateWindow
UnregisterClassW
UnhookWindowsHookEx
TranslateMessage
TranslateMDISysAccel
TrackPopupMenu
SystemParametersInfoW
ShowWindow
ShowScrollBar
ShowOwnedPopups
ShowCaret
SetWindowRgn
SetWindowsHookExW
SetWindowTextW
SetWindowPos
SetWindowPlacement
SetTimer
SetScrollRange
SetScrollPos
SetScrollInfo
SetRect
SetPropW
SetParent
SetMenuItemInfoW
SetMenu
SetForegroundWindow
SetFocus
SetCursorPos
SetCursor
SetClipboardData
SetCapture
SetActiveWindow
SendMessageA
SendMessageW
ScrollWindow
ScreenToClient
RemovePropW
RemoveMenu
ReleaseDC
ReleaseCapture
RegisterWindowMessageW
RegisterClipboardFormatW
RegisterClassW
RedrawWindow
PostQuitMessage
PostMessageW
PeekMessageA
PeekMessageW
OpenClipboard
MsgWaitForMultipleObjectsEx
MsgWaitForMultipleObjects
MessageBoxW
MessageBeep
MapWindowPoints
MapVirtualKeyW
LoadStringW
LoadKeyboardLayoutW
LoadIconW
LoadCursorW
LoadBitmapW
KillTimer
IsZoomed
IsWindowVisible
IsWindowUnicode
IsWindowEnabled
IsWindow
IsIconic
IsDialogMessageA
IsDialogMessageW
IsChild
InvalidateRect
InsertMenuItemW
InsertMenuW
HideCaret
GetWindowThreadProcessId
GetWindowTextW
GetWindowRect
GetWindowPlacement
GetWindowDC
GetTopWindow
GetSystemMetrics
GetSystemMenu
GetSysColorBrush
GetSysColor
GetSubMenu
GetScrollRange
GetScrollPos
GetScrollInfo
GetPropW
GetParent
GetWindow
GetMessagePos
GetMessageExtraInfo
GetMenuStringW
GetMenuState
GetMenuItemInfoW
GetMenuItemID
GetMenuItemCount
GetMenu
GetLastActivePopup
GetKeyboardState
GetKeyboardLayoutNameW
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyState
GetKeyNameTextW
GetIconInfo
GetForegroundWindow
GetFocus
GetDlgCtrlID
GetDesktopWindow
GetDCEx
GetDC
GetCursorPos
GetCursor
GetClipboardData
GetClientRect
GetClassNameW
GetClassInfoExW
GetClassInfoW
GetCapture
GetActiveWindow
FrameRect
FindWindowExW
FindWindowW
FillRect
EnumWindows
EnumThreadWindows
EnumChildWindows
EndPaint
EndMenu
EnableWindow
EnableScrollBar
EnableMenuItem
EmptyClipboard
DrawTextExW
DrawTextW
DrawMenuBar
DrawIconEx
DrawIcon
DrawFrameControl
DrawFocusRect
DrawEdge
DispatchMessageA
DispatchMessageW
DestroyWindow
DestroyMenu
DestroyIcon
DestroyCursor
DeleteMenu
DefWindowProcW
DefMDIChildProcW
DefFrameProcW
CreatePopupMenu
CreateMenu
CreateIcon
CreateAcceleratorTableW
CopyImage
CopyIcon
CloseClipboard
ClientToScreen
CheckMenuItem
CharUpperBuffW
CharUpperW
CharNextW
CharLowerBuffW
CharLowerW
CallWindowProcW
CallNextHookEx
BeginPaint
AdjustWindowRectEx
ActivateKeyboardLayout
EnumDisplayMonitors
GetMonitorInfoW
MonitorFromPoint
MonitorFromRect
MonitorFromWindow

kernel32

Sleep
VirtualFree
VirtualAlloc
lstrlenW
VirtualQuery
QueryPerformanceCounter
GetTickCount
GetSystemInfo
GetVersion
CompareStringW
IsValidLocale
SetThreadLocale
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GetLocaleInfoW
WideCharToMultiByte
MultiByteToWideChar
GetACP
LoadLibraryExW
GetStartupInfoW
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetCommandLineW
FreeLibrary
GetLastError
UnhandledExceptionFilter
RtlUnwind
RaiseException
ExitProcess
ExitThread
SwitchToThread
GetCurrentThreadId
CreateThread
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
FindFirstFileW
FindClose
WriteFile
GetStdHandle
CloseHandle
GetProcAddress
RaiseException
LoadLibraryA
GetLastError
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
LocalFree
LocalAlloc
FreeLibrary
WriteFile
WideCharToMultiByte
WaitForSingleObject
WaitForMultipleObjectsEx
VirtualQueryEx
VirtualQuery
VirtualProtect
VirtualFree
VirtualAlloc
VerSetConditionMask
VerifyVersionInfoW
TryEnterCriticalSection
SwitchToThread
SuspendThread
Sleep
SizeofResource
SetThreadPriority
SetThreadLocale
SetLastError
SetFilePointer
SetEvent
SetErrorMode
SetEndOfFile
ResumeThread
ResetEvent
ReadFile
RaiseException
IsDebuggerPresent
MulDiv
LockResource
LocalFree
LoadResource
LoadLibraryW
LeaveCriticalSection
IsValidLocale
IsBadReadPtr
InitializeCriticalSection
HeapSize
HeapFree
HeapDestroy
HeapCreate
HeapAlloc
GlobalUnlock
GlobalLock
GlobalFree
GlobalFindAtomW
GlobalDeleteAtom
GlobalAlloc
GlobalAddAtomW
GetVersionExW
GetVersion
GetTickCount
GetThreadPriority
GetThreadLocale
GetTempPathW
GetSystemTimes
GetStdHandle
GetProcessHeap
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetLocaleInfoW
GetLocalTime
GetLastError
GetFullPathNameW
GetFileSize
GetFileAttributesW
GetExitCodeThread
GetDiskFreeSpaceW
GetDateFormatW
GetCurrentThreadId
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
GetCPInfoExW
GetCPInfo
GetACP
FreeResource
InterlockedExchange
InterlockedCompareExchange
FreeLibrary
FormatMessageW
FindResourceW
FindFirstFileW
FindClose
EnumSystemLocalesW
EnumResourceNamesW
EnumCalendarInfoW
EnterCriticalSection
DeleteCriticalSection
CreateThread
CreateFileW
CreateEventW
CompareStringW
CloseHandle
Sleep

gdi32

UnrealizeObject
StretchDIBits
StretchBlt
StartPage
StartDocW
SetWindowOrgEx
SetWinMetaFileBits
SetViewportOrgEx
SetTextColor
SetStretchBltMode
SetROP2
SetPixel
SetEnhMetaFileBits
SetDIBits
SetDIBColorTable
SetBrushOrgEx
SetBkMode
SetBkColor
SetAbortProc
SelectPalette
SelectObject
SaveDC
RoundRect
RestoreDC
Rectangle
RectVisible
RealizePalette
Polyline
Polygon
PolyBezierTo
PolyBezier
PlayEnhMetaFile
Pie
PatBlt
MoveToEx
MaskBlt
LineTo
IntersectClipRect
GetWindowOrgEx
GetWinMetaFileBits
GetTextMetricsW
GetTextExtentPointW
GetTextExtentPoint32W
GetSystemPaletteEntries
GetStockObject
GetRgnBox
GetPixel
GetPaletteEntries
GetObjectW
GetEnhMetaFilePaletteEntries
GetEnhMetaFileHeader
GetEnhMetaFileDescriptionW
GetEnhMetaFileBits
GetDeviceCaps
GetDIBits
GetDIBColorTable
GetCurrentPositionEx
GetClipBox
GetBrushOrgEx
GetBitmapBits
GdiFlush
FrameRgn
ExtTextOutW
ExtFloodFill
ExcludeClipRect
EnumFontsW
EnumFontFamiliesExW
EndPage
EndDoc
Ellipse
DeleteObject
DeleteEnhMetaFile
DeleteDC
CreateSolidBrush
CreateRectRgn
CreatePenIndirect
CreatePalette
CreateICW
CreateHalftonePalette
CreateFontIndirectW
CreateDIBitmap
CreateDIBSection
CreateDCW
CreateCompatibleDC
CreateCompatibleBitmap
CreateBrushIndirect
CreateBitmap
CopyEnhMetaFileW
Chord
BitBlt
ArcTo
Arc
AngleArc
AbortDoc

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

shell32

ShellExecuteW
Shell_NotifyIconW

ole32

OleUninitialize
OleInitialize
CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance
CoUninitialize
CoInitialize
IsEqualGUID

comctl32

InitializeFlatSB
FlatSB_SetScrollProp
FlatSB_SetScrollPos
FlatSB_SetScrollInfo
FlatSB_GetScrollPos
FlatSB_GetScrollInfo
_TrackMouseEvent
ImageList_GetImageInfo
ImageList_SetIconSize
ImageList_GetIconSize
ImageList_Write
ImageList_Read
ImageList_GetDragImage
ImageList_DragShowNolock
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_EndDrag
ImageList_BeginDrag
ImageList_Copy
ImageList_LoadImageW
ImageList_GetIcon
ImageList_Remove
ImageList_DrawEx
ImageList_Replace
ImageList_Draw
ImageList_SetOverlayImage
ImageList_GetBkColor
ImageList_SetBkColor
ImageList_ReplaceIcon
ImageList_Add
ImageList_SetImageCount
ImageList_GetImageCount
ImageList_Destroy
ImageList_Create

winspool.drv

OpenPrinterW
EnumPrintersW
DocumentPropertiesW
ClosePrinter
GetDefaultPrinterW

Exports

Exports

AmBum23geEI8ixg454sas5KqyRT4njM
BgLAcY5ucwebQ443SFyyqmjODcmnPIL
Bmgih7ECrL6kJGRiaLvY8jbjYbUanlv
BpsAJ5ltoMn9or3Mnjog8WIS4wyDvLI
CwmpMaKYQ9Bmc5wZ5pINTmQLyfIPr4W
E8AzciM1Ypjz44ZaxKfzSiv7nf8KetZ
F05jNwhiOVccNlVCxCdcyAvg3w5wvB9
F4QsFkaO253E0dzdC89GAJEAejrttVH
FhnqsNWjFHDAyAVy3DkIvCfkSSum9tX
Fl4IXS038A8WbghQgOh6cpaaHuDnrpc
GFexmm79sYr2QUIk0exqUzSrZSMJqGJ
HMp80L5hFsPOevCp2N7X7Bol8kiMvIl
HmacqDgSBkyHfkoGPd12ypCFP2DBmF1
I9HdAU5TbLg8PiUKS2ylb1TrNl8d6Ql
IOvolgkLuwvDreIOi6TLDo94gwT7pUs
IVZjCPCRPHrC5UFIPDEdAc1ZuwvEK6x
Idk0qtkBe93keL1XFHxVqGKQylySSns
J1KvAYkjPeU1vUOLPvjqvZCpaCFGkBk
MysJYkR1RIZmTf9wop8kV0iAm4nlISi
N5CXGOrewBQ65fAmLgRxqeFYF2LhLUA
NoskuhnhnqC620En4FOuHRnmTcEj7iK
Ob66jBWoV705fqSfif6wTyftIe157h2
PWCKC6aIVs17IRFjzJUqSUBZIgyrqwe
PkKLB9Udbq6C1oieJHcs50Eo3XKJlgI
Pqq5SPQY02aBIoNMVuM94rmOMram7I4
Q5kRudn8MXqqTI6NzvcFRT0gJS0gLuK
QMsmCjd2oE7VVOqTiv8kPSfUX8oT9Aj
Qiyg4kBRioh8VnxDZrS1Cu7SLisuuMR
QjRTopsSzuCvb6Ebv9IZ8ElOMCpnKS1
RP1ExJaI3CwEOYmtPPsV45CEVcdjITi
RXIp3iyHcdzOPhE5C2SEJjmToYVfHvK
RzhU0lBboRACDOcWzWLKSp0BCchUkXg
SkA9PNZy43lXntZYpP3b5M4PhkztiXW
T9FgcE41fg6MDrx47IDAJTBz0WUKfi7
TMethodImplementationIntercept
UB2Kl6sL7cC1JkRctPYkHA014QiR9zS
V2F7SstRUlMFnLsn7HbIzg8Y11BJwcU
Xx9lNUC9tJMupZwnlF8gjM7GPuDT8Y0
YtDDAyNF2ZL105oF3tlfYbyBl70w7Z3
ZKDdgIv3LOcc7FWl6oEAYU0ueZxzoTE
bGT3zPQJpSorloZkPhztyRwJCG8GYl4
ba1H1MOf2s4HCZvzdMgdx6ZOK6zgefY
cLFFRStCCf2avkcfAqB60KUpgjbn3ep
d0Vd97NPAgjcgMg17EwauImU6EB7jt3
dhXbtkoDVZUy1bX6WwwcfSYuhUstp9S
egf58nKahferhvVE4KwrSUU25vohOPP
f50VDcXGgqgy0GCRE7LXi6tsxtiEpgk
g1HYaulnMDEpRA0dqHyJ6j54XRx8JHu
gG87eVgiUmmhE11ccdk7cHork4Ly0OL
gYHtXBOhBW7Gwv2XcwnaAnmUYqI5JwI
gn4xIKl5nAGRF0o1nX6HVssIEFKxTBe
htOdbd13MsB2pK6mMEiKUxgrQbbzTmq
iIHfY3edMal17dItD4YmDePiN5R1yXR
iL4UUqOiKKhlrClABFa8JrXi5RyOaBi
jEdrqolBMpsDUGmafxC6rTi9r0ultw3
krnKp88GyZOnewGSDBoA6UOvvJKPS6b
ltGwbMByD9Ysjnlw930vrrvB42wFIzz
lwdUbD8GxiphpOUtqPmrLrYoJPChIUT
mBoGcHHAWonMrSQ7Cj2svOkDMFXp5oU
nGj3X3Y8Qpo5aYAE4jaTapm7WeBofLD
nRsNjXpgieyJUlokrkKnryqodP0tYj8
nnL8te2Ikm1oE0sc8ZwXW1ltqSso7b3
o87kGDnCANNQtNbGo7HWvOfhDz6FUHY
q845RBj8OhU8BtgOQilKUDpzXF6aeRg
sjciSkS1YzDIN8LzmeTTFtyi5gK9adb
skkDLDfDOJZVlUJhD72LDEGvWNiKayn
svmtBklcpcV9nl0j0NGdoqszhS8VZC5
t1UtxeDX7Zxp8JL5uvbmB8RH5noV1TT
tZr16XuV1hD5sxlzoYCcQ1zKsZwhdU8
tdzVjXc2rI7TyVcmn4pmmp6nc9YlLxc
tedLoMiTijwHtjORd8OYuNltfaMD1Yr
tgv3e3zQKywN09SJ6HwqzkGHylxdPTL
uEi2uC3IL2gXYRwvTFsHpSzGhv0jfKU
vR0WrVImOuuWUQxkZFaORUMhWqjq8mb
w07OVAzCBsazLtNAzA9nGYvmKiK4SK5
wddktcaI4rvy5isaTxABHsqNe23ZIeJ
wl2FWh8b4xVoNmk456pnKbCIEP3oFBH
xiJMP9ohGYzDVFp2vOl9yqWNiNgmr1o
xzSSjTDO1AeZm1ZIYxHtmwFqrhenjk9
yOGiTntGPDHFg5C3VtuE5aHpMwhxzna
yVM40b4GMuVnUWcFd2g6hav0VWg2680
yyKrLYY2iY1Fm1Lo84OpM5WRDmxWIdR
z2GQBSgMxmOTcjXNzWcNlOTETD8i52f
zErL7yvjhVGpBcGPCw8IHnY6tUYnjz9
zMNUTT4R6MthQvuMpJPEnYqKqwcLOWr
zVtUWmVs3doswy002drxGlhWcFgsm2s
zaOMApPwD44Q2LiwBpP4X9t9822VnYf

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 22KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 186KB - Virtual size: 185KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
core.dll
.dll windows x86

a33d35ed2385d0bc5af78feec532bc79

Code Sign

18:ef:38:db:d5:fe:59:db:9e:d0:eb:d0:91:f5:e9:23
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA G2,O=WoSign CA Limited,C=CN

Not Before

04/07/2016, 04:58

Not After

04/09/2019, 04:58

Subject

CN=Sunny Network Tech LTD.,O=Sunny Network Tech LTD.,L=Beijing,ST=Beijing,C=CN,1.2.840.113549.1.9.1=#0c17737570706f72744073756e6e796469676974732e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2039, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

37:a6:0e:92:5f:23:f8:0c:fd:cd:97:65:92:98:c3:54
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/11/2014, 00:58

Not After

08/11/2029, 00:58

Subject

CN=WoSign Class 3 Code Signing CA G2,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

8b:bb:50:1a:06:24:51:d4:3c:b4:db:37:54:b0:e7:66:36:07:f2:66
Signer

Actual PE Digest

8b:bb:50:1a:06:24:51:d4:3c:b4:db:37:54:b0:e7:66:36:07:f2:66

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Sunny Network Tech LTD.,O=Sunny Network Tech LTD.,L=Beijing,ST=Beijing,C=CN,1.2.840.113549.1.9.1=#0c17737570706f72744073756e6e796469676974732e636f6d

22/04/2023, 01:04
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
HeapSize
GetLastError
HeapFree
HeapAlloc
GetCurrentThreadId
GetCommandLineA
HeapCreate
HeapDestroy
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
GetModuleHandleW
Sleep
GetProcAddress
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
RtlUnwind
LoadLibraryA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage

corem

ord6
ord7
ord5
ord8
ord9
ord12
ord10
ord11
ord3
ord4

corez

ord4
ord3
ord1

Sections

.text
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
corez.dll
.dll windows x86

3a6208e9852e54657a09e7b0f511ece8

Code Sign

18:ef:38:db:d5:fe:59:db:9e:d0:eb:d0:91:f5:e9:23
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA G2,O=WoSign CA Limited,C=CN

Not Before

04/07/2016, 04:58

Not After

04/09/2019, 04:58

Subject

CN=Sunny Network Tech LTD.,O=Sunny Network Tech LTD.,L=Beijing,ST=Beijing,C=CN,1.2.840.113549.1.9.1=#0c17737570706f72744073756e6e796469676974732e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2039, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

37:a6:0e:92:5f:23:f8:0c:fd:cd:97:65:92:98:c3:54
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/11/2014, 00:58

Not After

08/11/2029, 00:58

Subject

CN=WoSign Class 3 Code Signing CA G2,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ca:72:d7:e7:72:16:92:ca:69:c3:da:da:59:7a:f1:f9:9d:06:5e:1f
Signer

Actual PE Digest

ca:72:d7:e7:72:16:92:ca:69:c3:da:da:59:7a:f1:f9:9d:06:5e:1f

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Sunny Network Tech LTD.,O=Sunny Network Tech LTD.,L=Beijing,ST=Beijing,C=CN,1.2.840.113549.1.9.1=#0c17737570706f72744073756e6e796469676974732e636f6d

22/04/2023, 01:04
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualAlloc
VirtualFree
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
GetLastError
CloseHandle
WaitForSingleObject
CreateEventA
SetEvent
ResetEvent
CreateSemaphoreA
ReleaseSemaphore
InitializeCriticalSection
HeapAlloc
HeapFree
CreateThread
GetCurrentThreadId
TlsSetValue
TlsGetValue
ExitThread
RtlUnwind
GetCommandLineA
GetVersion
GetModuleHandleA
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
HeapReAlloc
ExitProcess
WriteFile
ReadFile
SetFilePointer
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
TlsAlloc
TlsFree
SetLastError
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetStdHandle
FlushFileBuffers
CreateFileA
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
LoadLibraryA
InterlockedDecrement
InterlockedIncrement
SetEndOfFile
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW

Sections

.text
Size: 68KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dmocx.dll
.dll windows x86

74b78c935eac41fe3ed032d70bbd9782

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopy
VariantClear
VariantInit
GetErrorInfo
SysFreeString

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegUnLoadKeyW
RegSetValueExW
RegSaveKeyW
RegRestoreKeyW
RegReplaceKeyW
RegQueryValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegLoadKeyW
RegFlushKey
RegEnumValueW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegConnectRegistryW
RegCloseKey

user32

MessageBoxA
CharNextW
LoadStringW
SetClassLongW
GetClassLongW
SetWindowLongW
GetWindowLongW
CreateWindowExW
WindowFromPoint
WaitMessage
UpdateWindow
UnregisterClassW
UnhookWindowsHookEx
TranslateMessage
TranslateMDISysAccel
TrackPopupMenu
SystemParametersInfoW
ShowWindow
ShowScrollBar
ShowOwnedPopups
ShowCaret
SetWindowRgn
SetWindowsHookExW
SetWindowTextW
SetWindowPos
SetWindowPlacement
SetTimer
SetScrollRange
SetScrollPos
SetScrollInfo
SetRect
SetPropW
SetParent
SetMenuItemInfoW
SetMenu
SetForegroundWindow
SetFocus
SetCursorPos
SetCursor
SetClipboardData
SetCapture
SetActiveWindow
SendMessageA
SendMessageW
ScrollWindow
ScreenToClient
RemovePropW
RemoveMenu
ReleaseDC
ReleaseCapture
RegisterWindowMessageW
RegisterClipboardFormatW
RegisterClassW
RedrawWindow
PostQuitMessage
PostMessageW
PeekMessageA
PeekMessageW
OpenClipboard
MsgWaitForMultipleObjectsEx
MsgWaitForMultipleObjects
MessageBoxW
MessageBeep
MapWindowPoints
MapVirtualKeyW
LoadStringW
LoadKeyboardLayoutW
LoadIconW
LoadCursorW
LoadBitmapW
KillTimer
IsZoomed
IsWindowVisible
IsWindowUnicode
IsWindowEnabled
IsWindow
IsIconic
IsDialogMessageA
IsDialogMessageW
IsChild
InvalidateRect
InsertMenuItemW
InsertMenuW
HideCaret
GetWindowThreadProcessId
GetWindowTextW
GetWindowRect
GetWindowPlacement
GetWindowDC
GetTopWindow
GetSystemMetrics
GetSystemMenu
GetSysColorBrush
GetSysColor
GetSubMenu
GetScrollRange
GetScrollPos
GetScrollInfo
GetPropW
GetParent
GetWindow
GetMessagePos
GetMessageExtraInfo
GetMenuStringW
GetMenuState
GetMenuItemInfoW
GetMenuItemID
GetMenuItemCount
GetMenu
GetLastActivePopup
GetKeyboardState
GetKeyboardLayoutNameW
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyState
GetKeyNameTextW
GetIconInfo
GetForegroundWindow
GetFocus
GetDlgCtrlID
GetDesktopWindow
GetDCEx
GetDC
GetCursorPos
GetCursor
GetClipboardData
GetClientRect
GetClassNameW
GetClassInfoExW
GetClassInfoW
GetCapture
GetActiveWindow
FrameRect
FindWindowExW
FindWindowW
FillRect
EnumWindows
EnumThreadWindows
EnumChildWindows
EndPaint
EndMenu
EnableWindow
EnableScrollBar
EnableMenuItem
EmptyClipboard
DrawTextExW
DrawTextW
DrawMenuBar
DrawIconEx
DrawIcon
DrawFrameControl
DrawFocusRect
DrawEdge
DispatchMessageA
DispatchMessageW
DestroyWindow
DestroyMenu
DestroyIcon
DestroyCursor
DeleteMenu
DefWindowProcW
DefMDIChildProcW
DefFrameProcW
CreatePopupMenu
CreateMenu
CreateIcon
CreateAcceleratorTableW
CopyImage
CopyIcon
CloseClipboard
ClientToScreen
CheckMenuItem
CharUpperBuffW
CharUpperW
CharNextW
CharLowerBuffW
CharLowerW
CallWindowProcW
CallNextHookEx
BeginPaint
AdjustWindowRectEx
ActivateKeyboardLayout
EnumDisplayMonitors
GetMonitorInfoW
MonitorFromPoint
MonitorFromRect
MonitorFromWindow

kernel32

Sleep
VirtualFree
VirtualAlloc
lstrlenW
VirtualQuery
QueryPerformanceCounter
GetTickCount
GetSystemInfo
GetVersion
CompareStringW
IsValidLocale
SetThreadLocale
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GetLocaleInfoW
WideCharToMultiByte
MultiByteToWideChar
GetACP
LoadLibraryExW
GetStartupInfoW
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetCommandLineW
FreeLibrary
GetLastError
UnhandledExceptionFilter
RtlUnwind
RaiseException
ExitProcess
ExitThread
SwitchToThread
GetCurrentThreadId
CreateThread
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
FindFirstFileW
FindClose
WriteFile
GetStdHandle
CloseHandle
GetProcAddress
RaiseException
LoadLibraryA
GetLastError
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
LocalFree
LocalAlloc
FreeLibrary
WriteFile
WideCharToMultiByte
WaitForSingleObject
WaitForMultipleObjectsEx
VirtualQueryEx
VirtualQuery
VirtualProtect
VirtualFree
VirtualAlloc
VerSetConditionMask
VerifyVersionInfoW
TryEnterCriticalSection
SwitchToThread
SuspendThread
Sleep
SizeofResource
SetThreadPriority
SetThreadLocale
SetLastError
SetFilePointer
SetEvent
SetErrorMode
SetEndOfFile
ResumeThread
ResetEvent
ReadFile
RaiseException
IsDebuggerPresent
MulDiv
LockResource
LocalFree
LoadResource
LoadLibraryW
LeaveCriticalSection
IsValidLocale
IsBadReadPtr
InitializeCriticalSection
HeapSize
HeapFree
HeapDestroy
HeapCreate
HeapAlloc
GlobalUnlock
GlobalLock
GlobalFree
GlobalFindAtomW
GlobalDeleteAtom
GlobalAlloc
GlobalAddAtomW
GetVersionExW
GetVersion
GetTickCount
GetThreadPriority
GetThreadLocale
GetTempPathW
GetSystemTimes
GetStdHandle
GetProcessHeap
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetLocaleInfoW
GetLocalTime
GetLastError
GetFullPathNameW
GetFileSize
GetFileAttributesW
GetExitCodeThread
GetDiskFreeSpaceW
GetDateFormatW
GetCurrentThreadId
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
GetCPInfoExW
GetCPInfo
GetACP
FreeResource
InterlockedExchange
InterlockedCompareExchange
FreeLibrary
FormatMessageW
FindResourceW
FindFirstFileW
FindClose
EnumSystemLocalesW
EnumResourceNamesW
EnumCalendarInfoW
EnterCriticalSection
DeleteCriticalSection
CreateThread
CreateFileW
CreateEventW
CompareStringW
CloseHandle
Sleep

gdi32

UnrealizeObject
StretchDIBits
StretchBlt
StartPage
StartDocW
SetWindowOrgEx
SetWinMetaFileBits
SetViewportOrgEx
SetTextColor
SetStretchBltMode
SetROP2
SetPixel
SetEnhMetaFileBits
SetDIBits
SetDIBColorTable
SetBrushOrgEx
SetBkMode
SetBkColor
SetAbortProc
SelectPalette
SelectObject
SaveDC
RoundRect
RestoreDC
Rectangle
RectVisible
RealizePalette
Polyline
Polygon
PolyBezierTo
PolyBezier
PlayEnhMetaFile
Pie
PatBlt
MoveToEx
MaskBlt
LineTo
IntersectClipRect
GetWindowOrgEx
GetWinMetaFileBits
GetTextMetricsW
GetTextExtentPointW
GetTextExtentPoint32W
GetSystemPaletteEntries
GetStockObject
GetRgnBox
GetPixel
GetPaletteEntries
GetObjectW
GetEnhMetaFilePaletteEntries
GetEnhMetaFileHeader
GetEnhMetaFileDescriptionW
GetEnhMetaFileBits
GetDeviceCaps
GetDIBits
GetDIBColorTable
GetCurrentPositionEx
GetClipBox
GetBrushOrgEx
GetBitmapBits
GdiFlush
FrameRgn
ExtTextOutW
ExtFloodFill
ExcludeClipRect
EnumFontsW
EnumFontFamiliesExW
EndPage
EndDoc
Ellipse
DeleteObject
DeleteEnhMetaFile
DeleteDC
CreateSolidBrush
CreateRectRgn
CreatePenIndirect
CreatePalette
CreateICW
CreateHalftonePalette
CreateFontIndirectW
CreateDIBitmap
CreateDIBSection
CreateDCW
CreateCompatibleDC
CreateCompatibleBitmap
CreateBrushIndirect
CreateBitmap
CopyEnhMetaFileW
Chord
BitBlt
ArcTo
Arc
AngleArc
AbortDoc

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

shell32

ShellExecuteW
Shell_NotifyIconW

ole32

OleUninitialize
OleInitialize
CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance
CoUninitialize
CoInitialize
IsEqualGUID

comctl32

InitializeFlatSB
FlatSB_SetScrollProp
FlatSB_SetScrollPos
FlatSB_SetScrollInfo
FlatSB_GetScrollPos
FlatSB_GetScrollInfo
_TrackMouseEvent
ImageList_GetImageInfo
ImageList_SetIconSize
ImageList_GetIconSize
ImageList_Write
ImageList_Read
ImageList_GetDragImage
ImageList_DragShowNolock
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_EndDrag
ImageList_BeginDrag
ImageList_Copy
ImageList_LoadImageW
ImageList_GetIcon
ImageList_Remove
ImageList_DrawEx
ImageList_Replace
ImageList_Draw
ImageList_SetOverlayImage
ImageList_GetBkColor
ImageList_SetBkColor
ImageList_ReplaceIcon
ImageList_Add
ImageList_SetImageCount
ImageList_GetImageCount
ImageList_Destroy
ImageList_Create

winspool.drv

OpenPrinterW
EnumPrintersW
DocumentPropertiesW
ClosePrinter
GetDefaultPrinterW

Exports

Exports

A0ujLopl0A3ZxiGYCmSfZ11kYRkmBHJ
A4JbNFMmV4qBvy1VQr9aQq95dCUSymt
ATHBuR5Fex4nMuAyh2mwBGCqDkgAb3h
AVVhXgGx1qCuFgudV20Jxf81q2ehtfY
An1qCyNqLmQLkr2XgG8UQ7zfX69NqfS
BKLfrlQ8X2mUlIgKdWM34oREc3fHgUs
BnqazrdcEI5eqbBfFqhZseMR7hOnVjz
CbDWIfjI35PxQyGaoceqiQSwJ5RTAk9
E853IcbGo5wqix1dFT31zyeIRz80CJJ
F7ngcYi7KD70M2BPgQgxe84zlnVVzsl
FxidtWCaIxz4U2TUW20vEhl6Hifnwev
HHhFkKR0pajOEI1N72x738UwqWhJtQs
HgTZOOC0yBBlfOtdnnIy8PBTdQNmRR5
Hm1zc2xet1q1k66RRdGHPBoX2f1zQH9
JBLa0I4jB33IBr0c9we3ieiebByw1Ob
JdY67T5eAOjOOETTxVnUlNxesMLZtBF
KkEHD4sX0FtfgmWKIgW6SfJVWeJeahY
LbiJLUmlOPgRoEUZVWptd6nuYJiF0Td
Li2oQXzcP1xhB0xCLfYdV18LZgJtjtp
LlTsCztwiIirQN4mjBqn7QurOWPzvcs
M2IROw4wRx7y30So3dUc8FQ3PCq3zC9
M2fTTAh5Lrhh6iPgYivNuqsyBUC2izp
M4zbGu4a0rQLkdfiMBWa3PLitauvtAj
MlvB5rygsSx9tkVftNzvblvYQwOh0vP
MnpXySTeuG0hDmrhHpxWhmPGwPLl4Fm
NA2rnz8KSJyVVQbV5ltNIkJCUoIhsvh
Ne88ld14Foaib13g3C7NC6YL2dKaSeU
OoYrSWHUHWmUtPA6XCEthvpRzGgflRe
OsvAizYkoWhL4izqjtMcrM79P9PVR6f
Pb3PmXTWg1hkwp9yodvdTWGUX0hA1oi
Q6cHNwCamXrpoTuBzJv4o66Z2kFbJI4
QXvzi8hCb192icHDfyrLdDaju5kmgoa
QqhiK4FqbPd65OCwIY2w5wiSWU8WO05
R6YrrUw3Hd7hVhszARYsg2v6wHVIyK0
ROQps6LilIwlIaoS2cGI0ZDCQkFHLkf
S14FZoZ3Wmr1FY3uKHbvy2Zf95HwFya
SzS9I3y6IkRXDxMj9h7GFGaxMdI3nRg
T19W407QLGVtnnwx03xFnC6gwsY8Xqv
TIvNF85cbKLw1iRZONj55Wvya6gs0YC
TMethodImplementationIntercept
VQXta9o5LO0COx7azYGkxPAlIBeQbyE
Vw1FF1whfq5TpqqrmroMjNREVbvCDuO
XEf1iw8DLxu68N0TIgg3JdycqZa1LYe
Y2UHW3rthnDs1nRXO7xhGuZKbX8kMnz
YzxiD5HkuaQXQYTHeyiurhcfOaEtUVF
ZbUscZwBZT56hz37ne49YSwxE2KkDfT
ZdDIdPlxxYqGU1P34lLeXqqlNA89uPu
ZorjQkiqhNPIRQSn85ocVg2IctYWVeo
a7tafzej3r0Mrg6GLMgzoWabq8J3SmM
azjVQJnRHpNTKpud3J1btDakbQDgWZH
bRVpiQlfMxb3e98iHzarswkg5WagLWF
dAOLqpK1XFQBXBjevXQU5o5h9qtw88W
dHZLvDcl19d8RrNOBDHAcEexraRA9E9
dSezNF3eGA3zftE5GwwrfwwR0UfyxDE
eAp8ao3bO7ey0RkL0BfqGqFilAgnG5r
f8DhjtNwmWtl9f4g5MXD2vjsj2TOnYE
g9P4bqO6FafWRIdwKSrtPgnUfd2jH6Q
h16mZo62ex3xk8VIu3wCIbobURcEudX
hiOVZhDOwJorS8UwkrfXKKCmVrvHWb2
hitycBf6fE5kS1iWUFqXkzVXk5H4MAZ
i4NieH1g7LJWGEJUHr42gXetExhqqHY
i8Y9Eq562h6wv2TE3EE9q6fneqzvZwZ
jilaPOXmxuStbkxM0gwdRjOaAJcly0J
k1ErbEB3wPc7FgXgMG31FL9BPJJAWC9
kMgUvP1HKkCa8hS4HuxQFTlr951CnKQ
legmWgOVdCl56Ox4R0ZUYQ9AB7ljerG
muFm4SZpfEpDC70bSOQ6MdaPqjiqymy
nEiboSyLiaV4fU1iEsqpdTvTLTxKFPd
oiwPAlYVMBgo1dFKdYODNdjvchajTOR
p2SXTbV8zILjVwFiFXV98JxmuFZe2S3
p5foLyVmumGaOffWLsBbgfTmbJmut34
pV5AWnN5feOKOvZ5KFF8jCtK0qNXqN0
ptRqMDJrgqNxORrpPWd4GCSobKNknMw
qPXKPjCD3sywuUqfPDyIa2ss0EltUpl
rIsOtCWFwlQvud8dUi3jRQdyHrDl3Ey
tQDVM5asrnM8UC6Wyi4WlkJQt2nmh8a
tykJtUogZrSsCotURfypQEEGXOrohqf
uRQyLS0SjqOd8jP20CRinVSzEh9EGks
udSn9FDmgQ7bTrwauJpaOTCAuSRi9ae
vJ8jznxAjDVEb341CBqH5y1aymYrjr2
vkbK4URpfFNOguat9fOYadbMBDxgHfw
vtBPRxnyFpvHcBEbnzXRuIQtE76WjNV
w4hOrqod2mEv8JRTea2P1RMVak8faX6
wo2idsJNNJqnsUw3aSNFozAlORyW968
x7vw2c8VUTv7EqZGbJJU0U1IEhPZ4Cu
xrGeHmhDHqP6kLbIgWWcRQRfK4YhEiM
ydLvD7wWSkS4V3pPbZUv4bbDddu2BVL
ydbqn24pQ947c9XWA3RrhwMaeSkXD7K
zzxdwkrfuyfiJNg9ZhiBinvNfFWgw7T

Sections

.text
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 22KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 186KB - Virtual size: 185KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ieapfltr.exe
.exe windows x86

603b14ed571e804ccb147acface8b7ff

Code Sign

18:ef:38:db:d5:fe:59:db:9e:d0:eb:d0:91:f5:e9:23
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA G2,O=WoSign CA Limited,C=CN

Not Before

04/07/2016, 04:58

Not After

04/09/2019, 04:58

Subject

CN=Sunny Network Tech LTD.,O=Sunny Network Tech LTD.,L=Beijing,ST=Beijing,C=CN,1.2.840.113549.1.9.1=#0c17737570706f72744073756e6e796469676974732e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2039, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

37:a6:0e:92:5f:23:f8:0c:fd:cd:97:65:92:98:c3:54
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/11/2014, 00:58

Not After

08/11/2029, 00:58

Subject

CN=WoSign Class 3 Code Signing CA G2,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

c5:98:97:0e:23:1b:a0:b3:fd:e4:ab:fc:34:e4:94:e8:2b:5e:53:b6
Signer

Actual PE Digest

c5:98:97:0e:23:1b:a0:b3:fd:e4:ab:fc:34:e4:94:e8:2b:5e:53:b6

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Sunny Network Tech LTD.,O=Sunny Network Tech LTD.,L=Beijing,ST=Beijing,C=CN,1.2.840.113549.1.9.1=#0c17737570706f72744073756e6e796469676974732e636f6d

22/04/2023, 01:04
Valid: false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen
GetErrorInfo
GetActiveObject
SysFreeString
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopy
VariantClear
VariantInit

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegSetValueExW
RegQueryValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegFlushKey
RegEnumValueW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
GetUserNameW

user32

GetKeyboardType
LoadStringW
MessageBoxA
CharNextW
CreateWindowExW
WindowFromPoint
WaitMessage
UpdateWindow
UnregisterClassW
UnhookWindowsHookEx
TranslateMessage
TranslateMDISysAccel
TrackPopupMenu
SystemParametersInfoW
ShowWindow
ShowScrollBar
ShowOwnedPopups
SetWindowsHookExW
SetWindowTextW
SetWindowPos
SetWindowPlacement
SetWindowLongW
SetTimer
SetScrollRange
SetScrollPos
SetScrollInfo
SetRect
SetPropW
SetParent
SetMenuItemInfoW
SetMenu
SetForegroundWindow
SetFocus
SetCursor
SetClassLongW
SetCapture
SetActiveWindow
SendMessageA
SendMessageW
ScrollWindow
ScreenToClient
RemovePropW
RemoveMenu
ReleaseDC
ReleaseCapture
RegisterWindowMessageW
RegisterClipboardFormatW
RegisterClassW
RedrawWindow
PostQuitMessage
PostMessageW
PeekMessageA
PeekMessageW
OffsetRect
MsgWaitForMultipleObjectsEx
MsgWaitForMultipleObjects
MessageBoxW
MapWindowPoints
MapVirtualKeyW
LoadStringW
LoadKeyboardLayoutW
LoadIconW
LoadCursorW
LoadBitmapW
KillTimer
IsZoomed
IsWindowVisible
IsWindowUnicode
IsWindowEnabled
IsWindow
IsIconic
IsDialogMessageA
IsDialogMessageW
IsChild
InvalidateRect
IntersectRect
InsertMenuItemW
InsertMenuW
InflateRect
GetWindowThreadProcessId
GetWindowTextW
GetWindowRect
GetWindowPlacement
GetWindowLongW
GetWindowDC
GetTopWindow
GetSystemMetrics
GetSystemMenu
GetSysColorBrush
GetSysColor
GetSubMenu
GetScrollRange
GetScrollPos
GetScrollInfo
GetPropW
GetParent
GetWindow
GetMessageTime
GetMessagePos
GetMenuStringW
GetMenuState
GetMenuItemInfoW
GetMenuItemID
GetMenuItemCount
GetMenu
GetLastActivePopup
GetKeyboardState
GetKeyboardLayoutNameW
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyState
GetKeyNameTextW
GetIconInfo
GetForegroundWindow
GetFocus
GetDesktopWindow
GetDCEx
GetDC
GetCursorPos
GetCursor
GetClipboardData
GetClientRect
GetClassNameW
GetClassLongW
GetClassInfoW
GetCapture
GetActiveWindow
FrameRect
FindWindowExW
FindWindowW
FillRect
EnumWindows
EnumThreadWindows
EnumChildWindows
EndPaint
EnableWindow
EnableScrollBar
EnableMenuItem
DrawTextExW
DrawTextW
DrawMenuBar
DrawIconEx
DrawIcon
DrawFrameControl
DrawEdge
DispatchMessageA
DispatchMessageW
DestroyWindow
DestroyMenu
DestroyIcon
DestroyCursor
DeleteMenu
DefWindowProcW
DefMDIChildProcW
DefFrameProcW
CreatePopupMenu
CreateMenu
CreateIcon
ClientToScreen
CheckMenuItem
CharUpperBuffW
CharToOemW
CharNextW
CharLowerBuffW
CharLowerW
CallWindowProcW
CallNextHookEx
BeginPaint
AdjustWindowRectEx
ActivateKeyboardLayout

kernel32

GetACP
Sleep
VirtualFree
VirtualAlloc
GetSystemInfo
GetTickCount
QueryPerformanceCounter
GetVersion
GetCurrentThreadId
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
lstrlenW
lstrcpynW
LoadLibraryExW
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetLocaleInfoW
GetCommandLineW
FreeLibrary
FindFirstFileW
FindClose
ExitProcess
ExitThread
CreateThread
CompareStringW
WriteFile
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
CloseHandle
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleW
lstrlenW
lstrcpyW
WritePrivateProfileStringW
WriteFile
WideCharToMultiByte
WaitForSingleObject
WaitForMultipleObjectsEx
VirtualQueryEx
VirtualQuery
VirtualFree
VirtualAlloc
UnmapViewOfFile
SwitchToThread
SizeofResource
SignalObjectAndWait
SetThreadLocale
SetLastError
SetFilePointer
SetEvent
SetErrorMode
SetEndOfFile
ResumeThread
ResetEvent
ReadFile
OpenFileMappingW
MultiByteToWideChar
MulDiv
MapViewOfFile
LockResource
LoadResource
LoadLibraryW
LeaveCriticalSection
InitializeCriticalSection
GlobalUnlock
GlobalSize
GlobalLock
GlobalFree
GlobalFindAtomW
GlobalDeleteAtom
GlobalAlloc
GlobalAddAtomW
GetVersionExW
GetVersion
GetUserDefaultLCID
GetTickCount
GetThreadLocale
GetTempPathW
GetStdHandle
GetProcAddress
GetPrivateProfileStringW
GetModuleHandleW
GetModuleFileNameW
GetLocaleInfoW
GetLocalTime
GetLastError
GetFullPathNameW
GetFileSize
GetFileAttributesW
GetExitCodeThread
GetEnvironmentVariableW
GetDiskFreeSpaceW
GetDateFormatW
GetCurrentThreadId
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
GetComputerNameW
GetCPInfo
FreeResource
InterlockedIncrement
InterlockedExchangeAdd
InterlockedExchange
InterlockedDecrement
InterlockedCompareExchange
FreeLibrary
FormatMessageW
FindResourceW
FindFirstFileW
FindClose
EnumCalendarInfoA
EnterCriticalSection
DeleteCriticalSection
CreateThread
CreateFileMappingW
CreateFileW
CreateEventW
CreateDirectoryW
CompareStringW
CloseHandle
Sleep

msimg32

AlphaBlend

gdi32

UnrealizeObject
StretchBlt
SetWindowOrgEx
SetWinMetaFileBits
SetViewportOrgEx
SetTextColor
SetStretchBltMode
SetROP2
SetPixel
SetMapMode
SetEnhMetaFileBits
SetDIBColorTable
SetBrushOrgEx
SetBkMode
SetBkColor
SelectPalette
SelectObject
SaveDC
RestoreDC
RectVisible
RealizePalette
PlayEnhMetaFile
PatBlt
MoveToEx
MaskBlt
LineTo
LPtoDP
IntersectClipRect
GetWindowOrgEx
GetWinMetaFileBits
GetTextMetricsW
GetTextExtentPoint32W
GetSystemPaletteEntries
GetStockObject
GetRgnBox
GetPixel
GetPaletteEntries
GetObjectW
GetEnhMetaFilePaletteEntries
GetEnhMetaFileHeader
GetEnhMetaFileDescriptionW
GetEnhMetaFileBits
GetDeviceCaps
GetDIBits
GetDIBColorTable
GetDCOrgEx
GetCurrentPositionEx
GetClipBox
GetBrushOrgEx
GetBitmapBits
GdiFlush
FrameRgn
ExcludeClipRect
DeleteObject
DeleteEnhMetaFile
DeleteDC
CreateSolidBrush
CreateRectRgn
CreatePenIndirect
CreatePalette
CreateHalftonePalette
CreateFontIndirectW
CreateEnhMetaFileW
CreateDIBitmap
CreateDIBSection
CreateCompatibleDC
CreateCompatibleBitmap
CreateBrushIndirect
CreateBitmap
CopyEnhMetaFileW
CloseEnhMetaFile
BitBlt

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

ole32

CreateStreamOnHGlobal
IsAccelerator
OleDraw
OleSetMenuDescriptor
OleUninitialize
OleInitialize
CoTaskMemFree
ProgIDFromCLSID
StringFromCLSID
CoCreateInstance
CoGetClassObject
CoUninitialize
CoInitialize
IsEqualGUID

comctl32

InitializeFlatSB
FlatSB_SetScrollProp
FlatSB_SetScrollPos
FlatSB_SetScrollInfo
FlatSB_GetScrollPos
FlatSB_GetScrollInfo
_TrackMouseEvent
ImageList_SetIconSize
ImageList_GetIconSize
ImageList_Write
ImageList_Read
ImageList_GetDragImage
ImageList_DragShowNolock
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_EndDrag
ImageList_BeginDrag
ImageList_Remove
ImageList_DrawEx
ImageList_GetBkColor
ImageList_SetBkColor
ImageList_Add
ImageList_SetImageCount
ImageList_GetImageCount
ImageList_Destroy
ImageList_Create

wininet

InternetSetOptionW
InternetOpenW
InternetCloseHandle

shell32

ShellExecuteW
SHGetSpecialFolderPathW

commonbase

ord40
ord30
ord21
ord20
ord4
ord3
ord2
ord1

Sections

.text
Size: 640KB - Virtual size: 640KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 25KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 60B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ieapfltr.hsn
ieapfltr.txt
lwpage.dat
mload.dll
.dll windows x86

74d7a8a5b240a6cd453be85d2358a7ac

Code Sign

18:ef:38:db:d5:fe:59:db:9e:d0:eb:d0:91:f5:e9:23
Certificate

Issuer

CN=WoSign Class 3 Code Signing CA G2,O=WoSign CA Limited,C=CN

Not Before

04/07/2016, 04:58

Not After

04/09/2019, 04:58

Subject

CN=Sunny Network Tech LTD.,O=Sunny Network Tech LTD.,L=Beijing,ST=Beijing,C=CN,1.2.840.113549.1.9.1=#0c17737570706f72744073756e6e796469676974732e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/08/2009, 01:00

Not After

08/08/2039, 01:00

Subject

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

37:a6:0e:92:5f:23:f8:0c:fd:cd:97:65:92:98:c3:54
Certificate

Issuer

CN=Certification Authority of WoSign,O=WoSign CA Limited,C=CN

Not Before

08/11/2014, 00:58

Not After

08/11/2029, 00:58

Subject

CN=WoSign Class 3 Code Signing CA G2,O=WoSign CA Limited,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5f:1f:58:5f:fc:76:f6:29:b7:c7:d5:99:9a:df:8d:32:85:ee:cc:a1
Signer

Actual PE Digest

5f:1f:58:5f:fc:76:f6:29:b7:c7:d5:99:9a:df:8d:32:85:ee:cc:a1

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Sunny Network Tech LTD.,O=Sunny Network Tech LTD.,L=Beijing,ST=Beijing,C=CN,1.2.840.113549.1.9.1=#0c17737570706f72744073756e6e796469676974732e636f6d

22/04/2023, 01:04
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

OutputDebugStringW
GetCurrentThreadId
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetLastError
InterlockedDecrement
Sleep
HeapSize
ExitProcess
HeapFree
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapAlloc
HeapReAlloc
VirtualAlloc
WriteFile
LoadLibraryA
InitializeCriticalSectionAndSpinCount
RtlUnwind
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW
OpenProcess
CloseHandle
GetProcessId
DuplicateHandle
SearchPathW
CreateFileW
GetFileSize
ReadFile
WaitForSingleObject
GetExitCodeThread
VirtualProtectEx
VirtualAllocEx
ReadProcessMemory
WriteProcessMemory
VirtualFreeEx
IsWow64Process
GetProcessHeap
RaiseException

Sections

.text
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

SharedDa
Size: 512B - Virtual size: 304B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

74b78c935eac41fe3ed032d70bbd9782

Headers

File Characteristics

Imports

oleaut32

advapi32

user32

kernel32

gdi32

version

shell32

ole32

comctl32

winspool.drv

Exports

Exports

Sections

.text Size: 2.0MB - Virtual size: 2.0MB

.itext Size: 6KB - Virtual size: 6KB

.data Size: 22KB - Virtual size: 21KB

.bss Size: - Virtual size: 22KB

.idata Size: 14KB - Virtual size: 13KB

.didata Size: 2KB - Virtual size: 2KB

.edata Size: 4KB - Virtual size: 3KB

.reloc Size: 186KB - Virtual size: 185KB

.rsrc Size: 26KB - Virtual size: 26KB

a33d35ed2385d0bc5af78feec532bc79

Code Sign

18:ef:38:db:d5:fe:59:db:9e:d0:eb:d0:91:f5:e9:23Certificate

Extended Key Usages

Key Usages

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91Certificate

Key Usages

37:a6:0e:92:5f:23:f8:0c:fd:cd:97:65:92:98:c3:54Certificate

Extended Key Usages

Key Usages

8b:bb:50:1a:06:24:51:d4:3c:b4:db:37:54:b0:e7:66:36:07:f2:66Signer

Signature Validations

Verification

22/04/2023, 01:04 Valid: false

Headers

File Characteristics

Imports

kernel32

corem

corez

Sections

.text Size: 27KB - Virtual size: 27KB

.rdata Size: 7KB - Virtual size: 6KB

.data Size: 3KB - Virtual size: 6KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 3KB - Virtual size: 3KB

3a6208e9852e54657a09e7b0f511ece8

Code Sign

18:ef:38:db:d5:fe:59:db:9e:d0:eb:d0:91:f5:e9:23Certificate

Extended Key Usages

Key Usages

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91Certificate

Key Usages

37:a6:0e:92:5f:23:f8:0c:fd:cd:97:65:92:98:c3:54Certificate

Extended Key Usages

Key Usages

ca:72:d7:e7:72:16:92:ca:69:c3:da:da:59:7a:f1:f9:9d:06:5e:1fSigner

Signature Validations

Verification

22/04/2023, 01:04 Valid: false

Headers

File Characteristics

Imports

kernel32

Sections

.text Size: 68KB - Virtual size: 64KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 12KB - Virtual size: 16KB

.text
Size: 2.0MB - Virtual size: 2.0MB

.itext
Size: 6KB - Virtual size: 6KB

.data
Size: 22KB - Virtual size: 21KB

.bss
Size: - Virtual size: 22KB

.idata
Size: 14KB - Virtual size: 13KB

.didata
Size: 2KB - Virtual size: 2KB

.edata
Size: 4KB - Virtual size: 3KB

.reloc
Size: 186KB - Virtual size: 185KB

.rsrc
Size: 26KB - Virtual size: 26KB

18:ef:38:db:d5:fe:59:db:9e:d0:eb:d0:91:f5:e9:23
Certificate

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91
Certificate

37:a6:0e:92:5f:23:f8:0c:fd:cd:97:65:92:98:c3:54
Certificate

8b:bb:50:1a:06:24:51:d4:3c:b4:db:37:54:b0:e7:66:36:07:f2:66
Signer

22/04/2023, 01:04
Valid: false

.text
Size: 27KB - Virtual size: 27KB

.rdata
Size: 7KB - Virtual size: 6KB

.data
Size: 3KB - Virtual size: 6KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 3KB - Virtual size: 3KB

18:ef:38:db:d5:fe:59:db:9e:d0:eb:d0:91:f5:e9:23
Certificate

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91
Certificate

37:a6:0e:92:5f:23:f8:0c:fd:cd:97:65:92:98:c3:54
Certificate

ca:72:d7:e7:72:16:92:ca:69:c3:da:da:59:7a:f1:f9:9d:06:5e:1f
Signer

22/04/2023, 01:04
Valid: false

.text
Size: 68KB - Virtual size: 64KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 12KB - Virtual size: 16KB

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 2.1MB - Virtual size: 2.1MB

.itext
Size: 7KB - Virtual size: 6KB

.data
Size: 22KB - Virtual size: 21KB

.bss
Size: - Virtual size: 22KB

.idata
Size: 14KB - Virtual size: 13KB

.didata
Size: 2KB - Virtual size: 2KB

.edata
Size: 4KB - Virtual size: 3KB

.reloc
Size: 186KB - Virtual size: 185KB

.rsrc
Size: 26KB - Virtual size: 26KB

18:ef:38:db:d5:fe:59:db:9e:d0:eb:d0:91:f5:e9:23
Certificate

5e:68:d6:11:71:94:63:50:56:00:68:f3:3e:c9:c5:91
Certificate

37:a6:0e:92:5f:23:f8:0c:fd:cd:97:65:92:98:c3:54
Certificate

c5:98:97:0e:23:1b:a0:b3:fd:e4:ab:fc:34:e4:94:e8:2b:5e:53:b6
Signer

22/04/2023, 01:04
Valid: false

.text
Size: 640KB - Virtual size: 640KB

.itext
Size: 6KB - Virtual size: 5KB

.data
Size: 15KB - Virtual size: 14KB

.bss
Size: - Virtual size: 25KB

.idata
Size: 12KB - Virtual size: 12KB

.tls
Size: - Virtual size: 60B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 41KB - Virtual size: 40KB

.rsrc
Size: 88KB - Virtual size: 88KB

18:ef:38:db:d5:fe:59:db:9e:d0:eb:d0:91:f5:e9:23
Certificate